IPv6 – DNS Part 2 (serving DNS over IPv6)

As I pointed out in the last IPv6 post, there are three parts of getting to “IPv6 DNS” and we only accomplished Step 1.

  1. The first is to get AAAA (quad-A) records into your DNS system. At that point clients can ask for the AAAA records over IPv4 and everything will work just fine.
  2. The second is for you to actually serve your DNS zones over IPv6.
  3. The third is to get hooked into the global IPv6 DNS system, so that others can resolve your IPv6 addresses.

Here we go with Part 2, to get our own Bind name server to listen (and answer) on IPv6 transport.

Depending on your particular version of Bind and Linux, you may already be ready to listen for queries on IPv6. Look in /etc/bind for the config file that contains the Bind options. In my version of Ubuntu, this is /etc/bind/named.conf.options.

All you need is the following directive:

listen-on-v6 { any; };

This tells Bind to listen on all IPv6 interfaces. There’s an implied “listen-on { any; };” which does the same for IPv4. In both cases, you can also use these “listen-on” directives to select specific interfaces or ports for Bind to listen on in IPv4 and IPv6.

After changing the config file and restarting Bind, we can query DNS over IPv6 from the same computer:

server$ dig -6 +short @::1  www.thuktun.org aaaa         #::1 is the IPv6 loopback address
2001:470:67:88::10

Let’s try it from a client:

client$ dig -6 +short @2001:470:67:88::10 ipv6.thuktun.org aaaa       # that IPv6 address is the address of my DNS server
2001:470:67:88::10
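The two dig checks above can also be scripted. The following is an added example, not code from the original post: it sends the same AAAA question over UDP and picks IPv4 or IPv6 transport from the server address, which separates Step 1 (AAAA records exist) from Step 2 (the server answers on IPv6). The function names and the 127.0.0.1 and ::1 targets in the demo loop are assumptions for illustration.

```python
import ipaddress, socket, struct

AAAA, IN = 28, 1  # DNS type and class codes

def build_query(name, qid=0x1234):
    """One-question AAAA query with RD set, as dig sends by default."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", AAAA, IN)

def _skip_name(msg, off):  # offset just past a (possibly compressed) name
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        if n == 0:                # root label ends the name
            return off + 1
        off += 1 + n

def parse_aaaa(msg):
    """Return the AAAA addresses found in the answer section of a response."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        if rtype == AAAA and rdlen == 16:
            addrs.append(str(ipaddress.IPv6Address(rdata)))
        off += 10 + rdlen
    return addrs

def query_aaaa(server, name, timeout=3.0):
    """Ask server for AAAA records over UDP; transport follows the address family."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_aaaa(s.recvfrom(4096)[0])

if __name__ == "__main__":
    for server in ("127.0.0.1", "::1"):   # IPv4 transport, then IPv6 transport
        try:
            print(server, query_aaaa(server, "www.thuktun.org"))
        except OSError as exc:            # timeout or ICMP unreachable
            print(server, "no answer:", exc)
```

This is a reachability check only: it does not match the response ID or source address against the query, so it is not a substitute for a resolver.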

And, we’re done with Step 2. But what happens if we don’t provide a specific DNS name server?

client$ dig -6 ipv6.thuktun.org aaaa
; <<>> DiG 9.6-ESV-R4-P3 <<>> -6 ipv6.thuktun.org aaaa
;; global options: +cmd
;; connection timed out; no servers could be reached

My DNS server is fine, BUT there’s something wrong when I query starting from the ROOT name servers. And that’s what we’ll look into next time.

  1. #1 by nomad on December 15, 2011 - 12:38 pm

    The named that comes with FBSD wants a slightly different version of the listen-on-v6 line:

    listen-on-v6 { any; };

    Note the ; inside the braces, as well as the closing one.

  1. IPv6 DNS Part 3 (authoritative DNS via IPv6 transport) « Thuktun (Message)
